ABSTRACT



This thesis is a continuation of the study work done by
Moedjiono (M.S. thesis, Naval Postgraduate School, 1982)
concerning the personnel database in the Indonesian Navy.

It discusses the current database security and the
concept of Multics (Multiplexed Information and Computing
System) to propose a personnel database security model in
the Indonesian Navy.
I. INTRODUCTION



This thesis is a continuation of the thesis "The
Preliminary Personnel Data Base Design for the Indonesian
Navy", by Moedjiono at the Naval Postgraduate School,
Monterey, California, June 1982.

Since 1977, the Indonesian Navy Data Center
(DISPULAHTAL) has collected and processed personnel data to
support the leadership in the Navy in their decision making.
In 1980 work began on the design of a personnel database
system. Computerization of personnel data took place only
within the Department of Personnel and was limited to
administrative purposes. However, other departments in the
Navy, such as Intelligence, Operations, Logistics, and
Planning, had to work with an increasing and more complex
amount of data. With every department maintaining its own
personnel data there were discrepancies. Information was
often incomplete or not uniformly updated, since not all
departments received data changes. The increasing
availability of data and the importance of timely
decision-making emphasized the need to establish a computer
system which could accommodate these needs.

Since information is a recognized source of economic
value, the data which comprise the information should be
secured adequately. E. B. Fernandez [Ref. 5] defines
information as:



a critical resource in today's enterprises, whether they 
are industrial, commercial, educational, or civic. 

Information has been widely recognized as a resource of 
economic value to an enterprise. 
This thesis proposes to continue the design work of a
personnel database system begun in 1983.

As the use of computers increases, the number of people
who might have access to confidential information also
increases, emphasizing the importance of access security.
In the military, a leakage of information could endanger
national security. Data on secret weapons, numbers and
distribution of personnel, emergency procedures, and
personnel background are important to the enemy.

Internally, misuse of data may result in corruption of
totals of data in compiling salary lists or theft of secret
information for use by the enemy. The absence of any type
of data protection may lead to unintentional errors by an
operator resulting in the destruction or damage of data.
Natural disasters also may destroy information or data.
Damaged information may lead to inaccurate decisions, which
may jeopardize national security.

To prevent the above mentioned problems, it is essential 
to provide protective mechanisms to database systems. In 
other words, there is a need for database security. 

In view of the development of the personnel database in
the Indonesian Navy and the absence of protective
mechanisms, this thesis proposes a concept to provide
security for data that will be the basis for decisions made
by the leadership of the Navy.

There are many varieties of database types, but this
thesis will be limited to the security of the personnel
database. The six sections of this thesis are:

I. Introduction. 

II. The current proposed personnel database
systems.

III. The needs for security protection.

IV. The Multics concepts.

V. Implementation of Multics in database
security.

VI. Conclusions and Recommendations.



This personnel database security concept will be a
contribution to the security of computerized data processing
in the Indonesian Navy.
II. THE CURRENT PROPOSED PERSONNEL DATABASE SYSTEM



The present Database systems [Ref. 3] have the following 
objectives : 

- Reducing redundancy 

- Sharing of data 

- Avoiding inconsistency 

- Enforcing standards 

- Maintaining integrity, and 

- Balancing of conflicting requirements. 

This database contains 97 data elements divided into two
basic groups [Ref. 10]:

1. Static data elements. 

2. Dynamic data elements. 



A. STATIC DATA ELEMENTS 

Static data elements consist of data that will not 
change frequently. 

For example: 

Main Identification constitutes a group by itself
containing the elements numbered 101 to 108. Data elements
rarely retrieved by application programs are entered into
Personnel Characteristic (element # 200), which in turn is
divided into the following four subgroups:

1. Marriage subgroup (element # 300) containing elements
numbered 301 and 302.

2. Address subgroup (element # 400) containing elements
numbered 401 to 403.

3. Body characteristic subgroup (element # 500)
containing elements numbered 501 to 511.

4. Category and Status subgroup (element # 600)
containing elements numbered 601 to 607.

B. DYNAMIC DATA ELEMENTS

Dynamic data elements are those which are frequently
changed. They are divided into several subgroups
corresponding to their historical data. These groups include:

1. Rank group (element # 700) containing elements
numbered 701 to 707.

2. Profession group (element # 800) containing elements
numbered 801 to 810.

3. Education group (element # 900) containing elements
numbered 901 to 909.

4. Education group (element # 1100) containing elements
numbered 1101 to 1106. This group is divided into two
subgroups:

a. Activity and profession subgroup (element # 1200)
containing elements numbered 1201 to 1204.

b. Family education subgroup (element # 1300)
containing elements numbered 1301 to 1303.

5. Payroll group (element # 1400) containing elements
numbered 1401 to 1414.

6. Security group (element # 1500) containing elements
numbered 1501 to 1506. This group is divided into the
following two (2) subgroups:

a. Who involved subgroup (element # 1600) containing
elements numbered 1601 to 1603.

b. Measures subgroup (element # 1700) containing
elements numbered 1701 to 1703.

(For complete overview of element numbering see Appendix A.) 



The above database system forms a hierarchy as
illustrated in the model below:

[Hierarchy diagram; root node: MAIN ID]
III. THE NEED FOR SECURITY PROTECTION

A. GENERAL APPROACH 

The use of automated data processing equipment has
become widespread because it permits the handling and
storage of vast amounts of information at an affordable
cost.

The military benefits from the use of computers include
speed and accuracy of data collection which results in
timely and improved decisions. Beside these advantages a new
hard-to-solve problem emerges, that of information security.

The basic problem is illustrated in Figure 3.1. Users and
data at various security levels desire simultaneous access
to the machine's resources.

Data with all security levels are stored on the system.
Users with proper security credentials are granted data
accesses. Navy security policy requires that an individual
must possess the required non-discretionary(1) and
discretionary(2) privileges before being granted access to
the information.

In fact, application of computers in Indonesia is new, 
so careful considerations should accompany the design and 
implementation of the basic concepts of database security. 



(1) Non-discretionary security requires that the individual
has a security clearance of higher or equal level than the
level of the information requested.

(2) Discretionary security requires that the individual
possesses a proper need-to-know for requested information.
[Figure 3.1 legend]
User processing: concurrent multi user/level
U1, U2, U3, ...  users
S  secret
C  classified
U  unclassified

Figure 3.1 Problem Description.
Frequent foul play often takes place because of the lack
of protection when using computer systems, as well as
protection of the database systems.

In the military, particularly, information is very
important. Leakage or corruption of military information
could endanger national security. Information about secret
weapons, numbers and distribution of personnel, emergency
procedures, and personnel background data are all very
important to the enemy. On the other hand, for authorized
users updated data is very important since an error in the
data may produce faulty decisions.



B. DEFINITIONS 



Many definitions are used in database security. The
most widely used definitions according to Fernandez E.B.
(1981) [Ref. 5] are:

"Information security is the protection of information
against unauthorized disclosure, alteration, or
destruction."

"Database security is the protection of information
that is maintained in a database."



C. SECURITY THREATS 



A database security violation may take form as
unauthorized reading, modification, or destruction of
information stored in the database. Possible threats to the
security of a computer system may be broadly classified as
either malicious or accidental acts.
[Figure 3.2 panels]
DATABASE: Unauthorized access; Copying; Theft
HARDWARE: Failure of protection mechanisms; Contribution to software failure
SYSTEMS SOFTWARE: Failure of protection mechanisms; Information leakage
APPLICATION PROGRAMMER: Programming of applications to behave contrary to specification
(panel heading lost): Incorrect specification of security policy
(panel heading lost): Duplication of confidential reports; Loading of insecure system; Theft of confidential material
(panel heading lost): Bypass of security mechanisms; Disabling of security mechanisms; Installation of insecure system
EXTERNAL ENVIRONMENT: Natural disasters; Malicious attacks; Unauthorized access to computer room

From: Database Security & Integrity, by E.B. Fernandez

Figure 3.2 Security Threats.

In Figure 3.2, we see the possibility of malicious
conduct by exploiting loopholes in the system. There are
also threats resulting from human errors, such as
accidentally destroying information, or allowing it to be
seen by unauthorized people. In addition, natural disasters
may destroy or prevent access to information. These threats
are classified as nonmalicious threats.
D. SECURITY PROCEDURES AND MECHANISMS



Security threats arise from a wide variety of sources,
therefore procedures and mechanisms necessary to provide a
secure environment must cover many areas of the enterprise.

External procedures must be set up so that security
mechanisms implemented within the system can be effective.
We must select personnel who have access to highly
classified information through security clearance procedures.

Storage devices and other hardware must be physically
protected against any damage from natural disasters or
malicious attack. Protection of removable storage against
theft is also necessary. We also need backup systems for
copying data files at different locations to protect against
information loss.

Information may be stolen or tapped during transmissions,
and encryption is one way to protect this data.

In summary, the security of a database depends on a
complex set of protective measures: human, software, and
hardware [Ref. 14].

E. SECURITY POLICIES 

An access-control(3) system determines the way a subject(4)
may access(5) data or objects.(6)

There are many kinds of access-control policies and they
depend upon the categories of information and the positions
of the users (subjects).

Figure 3.3 Access-type-dependent Access Control.

Figure 3.3 shows a situation where not everybody can
see the whole file. Users are given access to the file
according to their position.

(3) Access-control. A strategy for protecting objects from
unauthorized access.

(4) Subject. An active user of a computer system together
with any other entity acting on behalf of a user or on
behalf of the system; for example, processes, jobs, and
procedures may be considered subjects. Certain subjects may
also be considered to be objects of the system.

(5) Access. The ability and the means necessary to store or
retrieve data, to communicate with, or otherwise make use of
any resource in a computer system.

(6) Object. In a formal security model, an identifiable
resource, data container or related entity of the system;
the counterpart of subject. Software-created entities such
as files, programs and directories are objects, as well as
hardware resources such as memory blocks, disk tracks,
terminals, and tapes.
An access can be of several forms:
r - read
w - write
a - append
d - delete, and
e - execute

An execute access is often used but omitted from this
model due to the fact that execute access in the proposed
protection architecture is similar to a read access.

To be qualified to access specific data, a user must
conform to the military security conventions of
classification, category, and need-to-know.




Figure 3.4 Combination of Compartment and Levels.

In the military, for example, the Army, Navy and Air Force
have different kinds of categories of files ranging from top
secret to unclassified files. Thus by a combination of
compartmentalization and levels, a good policy for
controlling information flow can be created.



F. MULTILEVEL MODEL 

This model introduces the concept of levels and
categories. Each subject is assigned a clearance level, and
each object is assigned a classification level. Every person
in the military has a security level that determines how far
(s)he may access a file and how much of the file (s)he can
see. Therefore a security level is a composite of: { A, B },
where A is the classification level and B is the set of
categories.

One security level is said to dominate another if and
only if:

1. its classification or clearance level > the
other, and

2. its category set contains the other.

Clearance and classification levels are ordered as
follows:

top secret > secret
secret > confidential
confidential > unclassified



Security levels are only partially ordered however, so that
some subjects and objects are not comparable. In Figure 3.5,
L2 is dominated by L1, since [...] and its set of
categories is [...]. The security levels of L1 and L3,
[...] are not comparable. The elements of the above model
are [...]

Figure 3.5 Ordering of Security Level.



Access to an object can be through either observing
(READ) the object or altering (APPEND) the object, and from
this combination we can determine the access type:

* not both
* READ
* APPEND
* WRITE

The multilevel model considers the states of a secure
system, which are described by:

1. the current access set, which is a set of triples
(subject, object, access type) or (s,o,t),

2. an access matrix,

3. the security level of each subject, and

4. the maximum and current security levels of each
subject.

Element               Interpretation
-------               --------------
Subject s             Process
Object o              Data, files, ...
Classifications       Clearance level of subject, classification level of object
Categories            Access privileges
Security level        (Classification, category set)
Access attribute t    No observe, no alter; observe only, observe and alter; alter only
Access matrix         Discretionary security
Request               Changes current access or other aspects of system state
(s, o, t)             Current access
Decision              Yes, no, error, or ?
Rules                 Determine decision, next state

From: Database Security & Integrity, E.B. Fernandez

Figure 3.6 Elements of the Multilevel Model.



1. Requirements to Read Data from a Data Set

A user may read a set of data if, and only if, his
clearance dominates the classification of a data set. The
clearance of user (U) dominates a set of data (D) if, and
only if,

military classification (U) > military classification (D)
category (U) ⊇ category (D)
U need-to-know (read D)

2. Requirement to Write Data into a Data Set

A user may not write data into a set of data if the
classification of the data he is writing dominates the
classification of the data into which he is writing. That
is, if the user wishes to write data (d) into data set (D),
it is required that

military classification (d) < military classification (D)
category (d) ⊆ category (D)
U need-to-know (write D)
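
The dominance test and the read and write requirements above can be exercised in code. The following Python is an added example, not part of the thesis; the category names, user names, data sets and the levels L1 to L3 are constructed sample values, and treating an equal classification as sufficient is an assumption taken from the footnote on non-discretionary security ("higher or equal level").

```python
from dataclasses import dataclass

# Ordering given in the text: top secret > secret > confidential > unclassified.
RANK = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Level:
    """A security level {A, B}: classification A plus category set B."""
    classification: str
    categories: frozenset = frozenset()


def dominance_failure(high, low):
    """Return None if `high` dominates `low`, else the part of the test that fails.

    Assumption of this example: an equal classification passes, following the
    footnote on non-discretionary security ("higher or equal level").
    """
    if RANK[high.classification] < RANK[low.classification]:
        return "classification"
    if not high.categories >= low.categories:   # category set must contain the other
        return "category"
    return None


def dominates(high, low):
    return dominance_failure(high, low) is None


def comparable(a, b):
    """Levels are only partially ordered: it can be that neither dominates."""
    return dominates(a, b) or dominates(b, a)


@dataclass
class DataSet:
    name: str
    level: Level
    readers: frozenset = frozenset()   # need-to-know (read D)
    writers: frozenset = frozenset()   # need-to-know (write D)


def check_read(user, clearance, ds):
    """Read rule: the user's clearance must dominate the data set."""
    failed = dominance_failure(clearance, ds.level)
    if failed:
        return "deny: " + failed
    if user not in ds.readers:
        return "deny: need-to-know"
    return "grant"


def check_write(user, data_level, ds):
    """Write rule: the data set must dominate the data written into it, so
    higher-classified data cannot flow into a lower-classified data set."""
    failed = dominance_failure(ds.level, data_level)
    if failed:
        return "deny: " + failed
    if user not in ds.writers:
        return "deny: need-to-know"
    return "grant"


# Constructed sample data (categories, users and data sets are hypothetical).
L1 = Level("secret", frozenset({"PERSONNEL", "OPERATIONS"}))
L2 = Level("confidential", frozenset({"PERSONNEL"}))
L3 = Level("top secret", frozenset({"LOGISTICS"}))

PAYROLL = DataSet("payroll", L2, readers=frozenset({"s3", "s5"}),
                  writers=frozenset({"s3"}))
MEASURES = DataSet("measures", Level("secret", frozenset({"SECURITY"})),
                   readers=frozenset({"s1"}), writers=frozenset({"s1"}))


def demo():
    return [
        check_read("s3", L1, PAYROLL),    # dominates and has need-to-know
        check_read("s5", L3, PAYROLL),    # top secret, but lacks PERSONNEL
        check_read("s1", L2, MEASURES),   # confidential is below secret
        check_read("s2", L1, PAYROLL),    # dominates, but no need-to-know
        check_write("s3", L2, PAYROLL),   # confidential data, confidential set
        check_write("s3", L1, PAYROLL),   # secret data into a confidential set
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The second request shows why the ordering is only partial: a top secret clearance without the data set's category is refused, and L1 and L3 are not comparable in either direction.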
IV. THE MULTICS CONCEPTS

A. GENERAL CONCEPT

The Multiplexed Information and Computing System
(MULTICS) [Ref. 1] employs the concept of rings of
protection, based on:

1. Need to know, and

2. Firewall, to minimize damage due to errors.

Basically protection of data or objects in Multics is
achieved by compartmentalizing all of the stored information
into discrete packages called segments, where each is
associated with a set of access attributes.

This chapter will discuss the concepts of access 
control, protection, and filing concepts in Multics, since 
these filing concepts will be a basis for the implementation 
of the existing personnel database in the following chapter. 

B. ACCESS CONTROL AND PROTECTION 

In Multics, compartmentalization [Ref. 11] is achieved
through two primary mechanisms:

1. Per-Segment Access Control

2. Concentric Rings of Protection

These mechanisms complement one another.

1. Per-segment Access Control

Per-Segment Access Control is a means of denoting
and controlling the type of access to a particular shared
segment given to an individual user. A segment may be
shared by two or more processes. The subject who creates the
segment and grants permission to share to a user may
specify the type of access to be given to each grantee. By
this privilege, Multics guarantees that a user can safeguard
the information he creates and files away for future use.
Multics permits the coexistence of many processes, each of
which competes for the system's physical resources and
employs the same file system hierarchy.

The hierarchical directory structure in Multics
which controls the file system looks like an ordinary file.
It includes authors, users listing and access type permitted
to each user, which is granted individually. Each author
listed in the directory is associated with a file in the
access control list (ACL).

2. Concentric Rings of Protection

The ring mechanism, by contrast, offers intraprocess
protection of a segment. The concentric-rings concept is
essentially a generalization of S (supervisor) and U (user)
domains. The segments of any process are associated with a
set of generally two or possibly more concentric rings.

A ring procedure prevents any user from referring to
inner ring data segments which have higher level
classification. A user is permitted to access more
privileged procedures only through specially controlled
entry points called "gates".

By subsetting the segments of a process into rings
and by effectively controlling interactions and
communication between segments of different rings
(supervisory or userlike), Multics has the potential to
isolate trouble and limit the damage in the system. When an
outside ring is damaged, this will not affect the inner
ring, but damage to the inner ring will cause damage to the
outside ring as well.
Ring brackets are associated with accessible
segments as shown in Figure 4.1.

Figure 4.1 Segment Privileges.

Read and Write privileges are always associated with a ring
bracket starting at ring 0. In Figure 4.1, for example, the
read bracket is defined as ring 3 to ring 4, which means
that if a process is currently being executed in ring
0, 1, 2, 3 or 4, then it may read the segment.

The Call bracket is defined as ring 5 and 6, which
means that only when a process is executing in ring 5 or 6
can it call this segment when the segment is being executed,
as the process is in ring 3.
In Multics, all storage is organized as named
segments, and the segment is the unit of protection. A
segment can contain either data or procedures.

A Multics process is usually associated with an end
user who is identified by a unique number. In the database
context an end user invokes a database application program
by combining a number of procedures. Eventually one of these
procedures will call a DBMS procedure, which in turn may
call other DBMS or operating-system procedures. The user can
build protected subsystems by grouping procedures into
segments that can then be protected from one another.

Associated with each process is a descriptor
segment, which is a vector of segment descriptor words
(SDWs) providing addressability to all the segments
accessible to the process. A directory system is used to
locate a segment when it is first referenced by a process.
The directory entry for a segment contains an access-control
list specifying which users can access the segment and what
their rights are. If the requested access is authorized, the
segment is added to the user's virtual memory by adding the
appropriate SDW to the user's descriptor segment.

Initially all information is stored in the access-control
list. However, when the segment is first referenced,
the information is copied into the SDW for the segment. For
every subsequent access by the process the SDW alone is
checked by hardware to determine whether an access is
authorized.



C. MULTICS FILE SYSTEM

The Multics filing system consists of two modules:
Segment Control and Directory Control. Here, file and
segment are entirely synonymous, since the concept of
segment is merely an extension of the concept of file.
The Segment Control Module (SCM) interprets the intent
of the user's symbolic references to segments. It determines
to which, if any, of the segments already known to the
process a given symbolic name refers. If none, the Segment
Control Module must then determine if a new segment is to be
created and placed in the hierarchy.

When using the SCM, a Known Segment Table (KST) is
needed to store segments currently part of the process. SCM
maintains control over these reference-name-segment-number
pairs in a given process. Its job is to develop and reuse
each name-number pair in its proper context.

The Directory Control Module (DCM) is used to search all
inquiries about the status or location of segments and/or
their descriptions, because only this module is permitted to
read and alter the contents of the directory segments.



1. Directory Structure

This filing system has a directory structure that
contains two types of entries which may be added to it:

1. branches and

2. links.

A branch is a detailed description of a segment
located in the secondary storage of records that comprise
the segment. A link is a special kind of named entry whose
purpose is to point to another entry, normally in some (any)
other directory. This allows a useful form of
cross-referencing capability to be superimposed over the
basic tree structure formed by the branch-type entries.
Figure 4.2 shows an example of the conceptual model of the
file-system tree structure.
From: The Multics System, by E. I. Organick

Figure 4.2 Conceptual Model of the File-system Tree Structure.
To reach a certain branch, a certain path is needed
using path_name and relative_path_name. A path_name is a
list of the node names from the root to the branch (or link)
inclusive, where elements of the list are separated by the
">" character. For example, to search for "sub" the
following path name is used:

"> user_dir_dir > project1 > usera1_directory > sub",

and to search for "sort" the path name used is:

"> user_dir_dir > project1 > usera1_directory > sort"

[Diagram: directory path name + entry = path name for the branch (or link)]

In other words, the Multics link is considered a shorthand
for a symbolic path name; therefore, it introduces no
additional structure.

Figure 4.3 shows that from directory A, the symbolic
name "E" is shorthand for "> B > E". Any path name may
begin with ">"; if a path name begins with other than
">", the given path is referred to as a relative path name.

At all times, an executing process is associated
with a working directory. This is a directory the process
happens to be currently "using". It is merely a reference
marker to a point in the hierarchy from which it becomes
convenient to describe a relative path to other segments.

Figure 4.3 Interpretation of Links.

Thus, a tree path to a particular node may be described
relative to the working directory of a process. For example,
referring to Figure 4.2, the path name for sort is simply
"sort", and the path name for delete is
"a1_library > delete".

It is also possible to use the relative path-name
convention when referring to a branch that is not a
descendant of the working directory. This is done with the
aid of the character "<". It is interpreted as parent of the
working directory. And "<<" would mean parent of parent of
the working directory, and so on. For example, the relative
path name for <usera3_directory> is "<< project2 >
usera3_directory" or "user_dir_dir > project2 >
usera3_directory".
2. Elements of a Secure Multics

Corresponding to a state (b,M,f,H) is a set of
information structures in Multics [Ref. 2]. The following
correspondences have been identified:

b - Segment Descriptor Words (SDW)
M - Access Control List (ACL)
f - Information in directory segments and
    special process security tables
H - Branches

Figure 4.4 Data Structure of an ACL for an Individual Branch.
An element (Si, Oj, x) in b indicates that subject
Si has current access to object Oj in access mode x.

In the SDW is a field which indicates access permission
(write, read, execute, or append).

An entry in M such as { r,w } indicates that subject
Si has read and write permission with respect to object Oj,
if Oj is a data segment.

An example of the data structure of an access-control
list for an individual branch is shown in Figure 4.4.

Figure 4.5 Multics Hierarchy Equivalent.
3. Retrieving File-branch Information

The hierarchy H of the model is structured to
reflect the tree structure among segments realized by
branches in Multics. If Oi and Oj are objects in the model
and H (Oi) includes Oj, then Oi is the parent of Oj. Figure
4.5 shows this situation.

When directory control is supplied a path name for
the purpose of retrieving corresponding file-branch
information, the desired directory entry is retrieved by
link or branch. If it is a branch, the target has been
reached, and if it is a link the path name found in the link
is then employed for a repetition of the retrieval process.
It is possible that a chain of links eventually leads to a
branch.
Figure 4.6 shows how user4 grants permission to
user3, and user3 grants permission to user2 to use their
routines. If user2 and user3 appear in the access control
list for <b> in user4's user directory, then user2 may use
"d" as a symbolic reference and user3 may use "c" as a
symbolic reference to the segment whose branch entry is
named "b".
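
The path-name conventions and the link retrieval described in this chapter can be followed in code. The following Python is an added example, not part of the thesis and not Multics code; the tree reuses the directory names from the path examples above, while usera4_directory, the link targets, the "loop" entry and the bound on chained links are constructed for the example. The entry finally reached is always a branch, which is where the access control list that decides the request is kept.

```python
from dataclasses import dataclass

MAX_LINK_HOPS = 8   # assumption of this example: bound on chained links


@dataclass(frozen=True)
class Link:
    """A link entry: it only holds the path name of another entry."""
    target: str


def parse(path_name, working_dir=()):
    """Turn a path name into the list of node names from the root.

    ">" starts an absolute path name; anything else is relative to the
    working directory, and each leading "<" climbs one parent.
    """
    text = path_name.replace(" ", "")
    if text.startswith(">"):
        base, rest = [], text[1:]
    else:
        ups = len(text) - len(text.lstrip("<"))
        if ups > len(working_dir):
            raise ValueError("path name climbs above the root")
        base = list(working_dir[:len(working_dir) - ups])
        rest = text[ups:]
    return base + [name for name in rest.split(">") if name]


def resolve(tree, path_name, working_dir=()):
    """Retrieve the branch a path name leads to.

    Returns (absolute path name of the branch, branch). When the walk meets
    a link, retrieval is repeated with the path name stored in the link.
    """
    names = parse(path_name, working_dir)
    for _ in range(MAX_LINK_HOPS + 1):
        node = tree
        for i, name in enumerate(names):
            if not isinstance(node, dict) or name not in node:
                raise KeyError(">" + ">".join(names[:i + 1]))
            node = node[name]
            if isinstance(node, Link):
                names = parse(node.target) + names[i + 1:]
                break                      # repeat retrieval with the new name
        else:
            return ">" + ">".join(names), node
    raise RuntimeError("too many chained links")


# Constructed hierarchy: directories are dicts, segments are strings.
TREE = {
    "user_dir_dir": {
        "project1": {
            "usera1_directory": {
                "sub": "segment:sub",
                "sort": "segment:sort",
                "a1_library": {"delete": "segment:delete"},
                "d": Link(">user_dir_dir>project2>usera3_directory>c"),
            },
        },
        "project2": {
            "usera3_directory": {
                "c": Link(">user_dir_dir>project2>usera4_directory>b"),
                "loop": Link(">user_dir_dir>project2>usera3_directory>loop"),
            },
            "usera4_directory": {"b": "segment:b"},
        },
    },
}
WORKING_DIR = ("user_dir_dir", "project1", "usera1_directory")


if __name__ == "__main__":
    for name in ("sort", "a1_library > delete",
                 "<< project2 > usera3_directory", "d"):
        print(name, "->", resolve(TREE, name, WORKING_DIR)[0])
```

The chain d, c, b ends at the branch "b", so a check made on the resolved name consults b's access control list no matter which symbolic reference the caller used; the "loop" entry shows why the number of repetitions has to be bounded.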
V. IMPLEMENTATION OF MULTICS IN DATABASE SECURITY



The basic security model, including data security in
Multics, has been discussed in the previous chapter. Before
we further discuss the implementation of database security
we make the following assumptions. First, although the
Multics system was developed and applied to operating
systems for Honeywell computers, we will assume that it can
also be used by other computers in general.

Secondly, we assume that users in the Indonesian Navy
database system are limited to five assistants for the Chief
of Staff of the Indonesian Navy, namely:

1. Assistant for Security 

2. Assistant for Operations 

3. Assistant for Personnel 

4. Assistant for Logistics 

5. Assistant for Planning 

The second assumption is needed because there are some 
offices supervised by the Assistants which currently deal 
with the personnel database system. 

The description of a directory has been discussed in 
Chapter IV, therefore we will not discuss how to find a 
segment in this chapter. 

The personnel database in the Indonesian Navy is divided 
into 17 segments. The method proposed here adds 2 segments 
which are: 

Segment 400, which is followed by elements number
401-403, is divided into two, namely segment 400 which is
followed by elements number 401 and segment 500 which is
followed by elements number 501. This change is needed since
the elements' owners are different.
For the same reason, segment 500 which is followed by
elements 501-502, is divided into two segments, namely
segment 600 followed by elements number 601-607 and segment
700 followed by elements number 701-705.

All changes are shown in the table in Appendix C. 

We can summarize to this point that the personnel
database is now divided into 19 segments and there are 5
users, which follow the sequence of assistant staffs. It has
been determined who owns each segment, and each owner has
the authority to update the contents of his segment(s).

To implement the new security method mentioned above, it 
is necessary to set up a table containing all segments and 
their relation to each user. The table tells what segment 
belongs to whom and what kind of accesses are authorized to 
other users. In this case the DBA (Database Administrator) 
can arrange the table in the proper order. 



TABLE I 
Access Table 

ELM #   DATA-NAME   TYPE OF ACCESS (S1 S2 S3 S4 S5)

100     MAINID      R R RWAD R R
200     CHARACT     R RWAD
300     MARR        RWAD
400     ADDR        R - RWAD - -
500     ADDRSTA     - R RWAD -
600     BODYCHAR    - - RWAD - -
700     PERSIZ      - R RWAD -
800     CATEG       R R RWAD R R
900     RANK        R R RWAD R R
1000    PROFESS     R R RWAD R
1100    EDUC        R R RWAD R
1200    SUBJ        R R RWAD R
1300    FAM         R - RWAD
1400    FACT        R - RWAD
1500    FEDUC       RWAD
1600    PAYROLL     RWAD
1700    SEC         RWAD
1800    WHOINV      RWAD
1900    MEAS        RWAD



R - read 
W - write 
A - append 
D - delete 
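
The lookup such a table supports, as an added Python example that is not part of the thesis: it loads the rows of Table I whose five access entries are all legible, maps an element number to its segment by its leading digits, and refuses anything not explicitly granted. The function names and the default-deny handling of unlisted segments are assumptions of this example.

```python
# Added example: an access check over Table I. Not code from the thesis.
# Assumptions: the function names, and default deny for anything unlisted.

USERS = ("S1", "S2", "S3", "S4", "S5")
OPERATIONS = {"R": "read", "W": "write", "A": "append", "D": "delete"}

# Rows of Table I in which all five access entries are legible.
# "-" means no access.
TABLE_I_ROWS = """
100 MAINID   R R RWAD R R
400 ADDR     R - RWAD - -
600 BODYCHAR - - RWAD - -
800 CATEG    R R RWAD R R
900 RANK     R R RWAD R R
"""


def parse_access_table(text):
    """Build {segment: {user: frozenset(ops)}} and reject malformed rows."""
    matrix = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 2 + len(USERS):
            raise ValueError(f"expected segment, name and 5 entries: {line!r}")
        segment = int(fields[0])
        if segment in matrix:
            raise ValueError(f"segment {segment} listed twice")
        rights = {}
        for user, cell in zip(USERS, fields[2:]):
            ops = frozenset() if cell == "-" else frozenset(cell)
            if not ops.issubset(OPERATIONS):
                raise ValueError(f"unknown access letter in {cell!r}")
            rights[user] = ops
        matrix[segment] = rights
    return matrix


def segment_of(element):
    """Element 401 belongs to segment 400, element 1701 to segment 1700."""
    return (element // 100) * 100


def is_allowed(matrix, user, element, op):
    """Default deny: an unknown segment, user or operation is refused."""
    rights = matrix.get(segment_of(element), {})
    return op in OPERATIONS and op in rights.get(user, frozenset())


def owners(matrix, segment):
    """Users holding all four rights (RWAD) on a segment."""
    full = frozenset(OPERATIONS)
    return [u for u in USERS if matrix[segment][u] == full]


def segments_without_single_owner(matrix):
    """Consistency check for the DBA: one owner per segment."""
    return [s for s in sorted(matrix) if len(owners(matrix, s)) != 1]


MATRIX = parse_access_table(TABLE_I_ROWS)

if __name__ == "__main__":
    requests = [("S3", 401, "W"), ("S1", 401, "R"), ("S1", 401, "W"),
                ("S2", 601, "R"), ("S3", 1701, "R")]
    for user, element, op in requests:
        granted = is_allowed(MATRIX, user, element, op)
        verdict = "granted" if granted else "denied"
        print(f"{user} {OPERATIONS[op]:6} element {element}: {verdict}")
    print("owner of segment 900:", owners(MATRIX, 900))
    print("segments lacking a single owner:",
          segments_without_single_owner(MATRIX))
```
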



Security is divided into 4 levels : 

1. Top secret 

2. Secret 

3. Confidential, and 

4. Unclassified 

Segment numbers 1700, 1800, and 1900 are in the classified 
levels and the other segments' classifications will be 
determined in the future, depending on the needs of the 
Navy. 



VI. CONCLUSIONS AND RECOMMENDATIONS 



It is justified here to draw some conclusions and make 
recommendations concerning the importance of personnel data- 
base security in the Indonesian Navy. 

The conclusions can be described as follows: 



1. Database security is very important to any database 
system, especially in the military. 

2. The Multics system provides basic concepts to achieve 
a sound database security system. 

3. The Indonesian Navy personnel database security can 
be improved by applying such concepts as the one 
described in this thesis. 

In order to implement this security model in the 
Indonesian Navy personnel database system, it is recommended 
to: 

1. Assign security personnel under the DBA who will be 
responsible for the security of the existing database. 

2. Conduct further research to explore possible enhancements 
to the physical design related in this proposal. 



APPENDIX A 

DATABASE PERSONNEL TABLES 

Each of these tables contains two elements: code and 
description. Example: "1 Male" indicates code number 1 is 
Male. 

1. PERSONAL STATUS: 

A. Military 

01 Volunteer 
02 Obliged 
03 Titular 

B. Civilian 

11 Daily_laborer 
12 Monthly_laborer 
13 Monthly_laborer organic 
14 Temporary Government_official 
15 Pre_Government_official 
16 Civilian_Government_official 
17 Civilian_Military_Titular Government_official 

2. PERSONAL CATEGORY: 

0 Not clear 
1 Active organic 
2 In charge 
3 In assistance 
4 In direction 
5 Waiting for placement 
6 Waiting for direction 
7 Pre_retired 
8 Money waiting (UT) 
9 Retired 

3. SEX: 

1 Male 
2 Female 

4. MARITAL STATUS: 

1 Married 
2 Not married 



5. CHILDREN ALLOWANCE STATUS: 

1 Claimed by him/herself 
2 Claimed by spouse 

6. HOUSING STATUS: 

1 Government-quarters 
2 Mess 
3 Ship 
4 Private/owned 
5 Rented 
6 Contract/leased 
7 With relations 

7. BLOOD TYPE: 

1 A 
2 B 
3 AB 
4 O 
5 X 

8. COLOR OF SKIN: 

1 White 
2 Yellow 
3 Black 
4 Yellow-brown 
5 Brown 



9. HAIR: 

1 Straight-lank 
2 Curly 
3 Straight-stiff 
4 Wavy 

10. COLOR OF EYES: 

1 Black 
2 Blue 
3 Brown 
4 Green 

11. SIZE OF PANTS/SHIRT: 

1 Small 
2 Medium 
3 Large 

12. RELIGION: 

1 Moslem 
2 Catholic 
3 Protestant 
4 Hindu 
5 Buddhist 
6 Confucian 

13. STATUS OF RANK: 

1 Effective 
2 Temporary 
3 In education 
4 Military obligated 
5 Military titular 

14. TYPE OF PROMOTION: 

1 Regular 
2 Extraordinary 
3 Honor (meritorious) 
4 Honour-grace (posthumous) 

15. STATUS OF PLACEMENT: 

0 Organic 
1 Labor (non organic) 
2 In charge (detached from parent command) 
3 In assistance (temporary additional duty) 
4 In direction (independent duty) 

16. RESULT OF EDUCATION: 

1 Graduated 
2 Not graduated 
3 Incomplete 

17. FAMILY RELATION: 

0 Spouse 
1 Child number 1 
2 Child number 2 
3 Child number 3 
4 Child number 4 
5 Child number 5 
6 Child number 6 
7 Child number 7 
8 Child number 8 
9 Child number 9 

18. RANK: 

A. Military: 

99 Third Sailor 
98 Second Sailor 
97 First Sailor 
96 Second Corporal 
95 First Corporal 
88 Second Sergeant 
87 First Sergeant 
86 Head Sergeant 
85 Sergeant Major 
84 Second Assistant Lieutenant 
83 First Assistant Lieutenant 
82 Candidate Officer 
78 Second Lieutenant 
77 First Lieutenant 
76 Captain 
68 Major 
67 Lieutenant Colonel 
66 Colonel 
58 First Admiral (Commodore)/Brigadier 
57 Rear Admiral/Major General 
56 Vice Admiral/Lieutenant General 
55 Admiral/General 

B. Civilian: 

48 Group I/A 
47 Group I/B 
46 Group I/C 
45 Group I/D 
38 Group II/A 
37 Group II/B 
36 Group II/C 
35 Group II/D 
28 Group III/A 
27 Group III/B 
26 Group III/C 
25 Group III/D 
18 Group IV/A 
17 Group IV/B 
16 Group IV/C 
15 Group IV/D 
14 Group IV/E 









19. CORPS: 

A. Military: 

100 Sailor/Deck (for officer only) 
161 Deck 
162 Torpedo 
163 Weapon 
164 Constable 
165 Signal 
166 Telegram 
167 Under-Water Weaponry 
200 Technician/Engineer (for officer only) 
261 Mechanist 
262 Construction 
263 Ship Construction 
264 Airplane Maintenance 
300 Electronics (for officer only) 
361 Radio 
362 Radio-Radar Mechanic 
363 Electro-Machine Mechanic 
364 Electrician 
365 Sub-Weapon Electrician 
366 Electro Mechanic 
367 Weapon Electro Mechanic 
368 Electronica 
400 Marine (for officer only) 
461 Infantry 
462 Amphibious 
463 Field Artillery 
464 Air Defence Artillery 
465 Tank 
466 Pansam (Amphibious Tank) 
467 Transportation 
468 Zipur (Defense Construction) 
469 Communication-Electronica 
470 Nurse 
471 Field Support 
500 Administration (for officer only) 
561 Writer/Typist 
562 Finance 
563 Support 
564 Family business 
565 Cook-1 
566 Cook 
567 Tailor 
600 Health (for officer only) 
661 Nurse 
662 Radiologist 
663 Analyst 
664 Dental Technician 
665 Chemist 
666 Assistant Chemist 
700 Specialist (for officer only) 
761 Judicature 
762 Intelligence 
763 Transportation 
764 Carpenter 
765 Physical Fitness 
766 Musician 
767 Photography 
768 Cinematography 
769 Miscellaneous 
800 Woman (for officer only) 
861 Communication 
862 Writer/Typist 
863 Finance 
864 Information 
865 Physical Fitness 
866 Nurse 
867 Nav-Information Defence 
869 Air Traffic Controller 
900 Clergy (for officer only) 

B. Civilian: 

000 Administration 
001 General Administration 
002 Finance Administration 
003 Labor Administration 
004 Support Administration 
005 Nursing Administration 
006 Technical Administration 
007 Typist 
008 Stencil Mechanic 
009 Nursing Staff 
010 Statistic Administration 
011 Law Administration 
012 Library Administration 
013 Transportation Administration 
014 Housing Administration 
015 Post Administration 
016 Miscellaneous Administration 
017 Technician 
018 Ship Technician 
019 Engine/Machine Technician 
020 Electro Technician 
021 Construction Technician 
022 Carpenter 
023 Welding Technician 
024 Telephone-telegraph Technician 
025 Radio Technician 
026 Mechanic/Driver 
027 Laborer 
028 Photographer 
029 Film Operator 
030 Metal Technician 
031 Painter 
032 Weapon Technician 
033 Fire Safety Inspector 
034 Constructor 
035 General Controller 
036 Shipyard Worker 
037 Pump Technician 
038 Railroad Technician 
039 Meteorological Technician 
040 Miscellaneous 
041 Nurse 
042 Dental Nurse 
043 General Nursing 
044 Midwife 
045 Pharmacy 
046 Physiotherapy 
047 Radiology 
048 Pediatric Nurse 
049 General Medical 
050 Ophthalmologist 
051 Throat-nose-ear Physician 
052 Neurologist 
053 Dermatologist 
054 Dietitian 
055 Miscellaneous 
056 Specialist 
057 Teacher/Instructor 
058 Messenger 
059 Cook 
060 Gardener 
061 Shoemaker 
062 Tailor 
063 Barber 
064 Janitor 
065 Forester 
066 Sketcher 
067 Security 
068 Lifeguard 
069 Parking Master 
070 Fire Brigade 
071 Physical Fitness 
072 Artist 
073 Clergy 
074 Laundry 
075 Ocean Tide 
076 Petro-chemical Technician 
077 Geography 
078 Miscellaneous 



20. GROUP CODE OF EDUCATION: 

000 General Development 
001 National Defense 
002 Joint Command & Staff College 
003 Command & Staff College Level 
004 2nd Officer Continuing Education Level 
005 1st Officer Continuing Education Level 
011 NCO Continuing Education Level 

100 Formation 
101 Military Academy Level 
102 Fundamental Officer Education Level 
103 Candidate Officer Education Level 
111 Candidate NCO Education Level 
112 Candidate Corporal Education Level 
113 Candidate Enlisted Education Level 

200 Labor 
201 Labor Education Level 

300 General Education 
301 University Level 
302 Academy Level 
303 Senior High School Level 
304 Junior High School Level 
305 Elementary School Level (graduate) 
306 Elementary School Level (not graduate) 

400 Specialist Military Education 
401 Specialist 
402 Officer Specialist 
403 NCO Specialist 
404 Enlisted Specialist 
405 Civilian Specialist 

500 General Course 

21. ECHELON OF PROFESSION: 

11 Echelon 1-A 
12 Echelon 1-B 
13 Echelon 1-C 
14 Echelon 1-D 
15 Echelon 1-E 
16 Echelon 1-F 
17 Echelon 1-G 
18 Echelon 1-H 
21 Echelon 2-A 
22 Echelon 2-B 
23 Echelon 2-C 
24 Echelon 2-D 
25 Echelon 2-E 
26 Echelon 2-F 
31 Echelon 3-A 
32 Echelon 3-B 
33 Echelon 3-C 
34 Echelon 3-D 
35 Echelon 3-E 
43 Functional 

22. STATION: 

Not included here for security reasons. 

23. VIOLATION: 

1 Discipline 
2 Law 
3 Negative data 

24. WHAT: 

This table will be completed later by an 
Intelligence/Security officer, since the author does not have 
data at this time. 



APPENDIX B 
DATABASE DICTIONARY 

This data dictionary contains descriptions of the 
Personnel Data Base segments (data elements groups) and 
their data elements. There are six columns in the table: 

1. Element Number (ELM #). The data element/segment 
number contains four digits. The first two digits are 
the segment number, beginning from the root and 
increasing by one (leading zeroes suppressed), and 
another two digits for the data element number in the 
segment beginning from one and increasing by one. 

2. Data Element (DATA_ELEMENT). This column contains 
the data element/segment name as it is known to the 
users. 

3. Data Name (DATA_NAME). This column contains the 
unique name for the data element/segment which is to be 
used by the programmer/user when retrieving data from the 
Database. 

4. Type (TYPE). This column contains the data element's 
type, where N means Numeric and AN means 
Alpha-Numeric. 

5. Number of Character (#OF CHAR). This column contains 
the number of characters in the record field of the data 
element/segment. 

6. Description (DESCRIPTION). This column contains the 
description of the data element/segment. Described 
are the data element/segment relationships (dependent, 
root, etc.), key record/segment, administrative 
control, usage, and identifications. This description 
helps the programmer/user to find the path to desired 
data elements/segments in the database. 

The abbreviations used in the data dictionary table are: 
DB for Database, segm for segment, lev for level, tbl for 
table, YYMMDD for Year (two digits), Month (two digits) and 
Date (two digits), occur for occurrence, dependt for 
dependent, Kg for Kilogram, and Cm for Centimeter. 



ELM # DATA-ELEMENT                      DATA-NAME TYPE #OF CHAR  DESCRIPTION

100   Main identification               MAINID         76        Root segm DB lev 1, segm 1, one occur
101   Personal Serial Number            SERNUM    N    9         Record key (Main Key)
102   Name                              NAME      AN   26        Name, title
103   Corps                             CORPS     N    3         See corps tbl (19)
104   Sex                               SEX       N    1         See sex tbl (3)
105   Birth date                        DMBIRTH   N    6         YYMMDD
106   Birth place                       PMBIRTH   AN   15        Town (city)
107   Religion                          RELIGION  N    1         See religion tbl (12)
108   Tribe                             TRIBE     AN   15

200   Personal                          CHARACT                  Dependt segm of root, lev 1, segm 2, one occur

300   Marriage                          MARR           7         Dependt segm of CHARACT, lev 3, segm 3, repeated
301   Marital status                    MARST     N    1         See marital status tbl (4), segm key
302   Date of status                    MARDT     N    6         YYMMDD

400   Address                           ADDR           33        Dependt segm of CHARACT, lev 3, segm 4, repeated
401   Address                           ADDRESS   AN   26        -
402   Housing status                    HOUSE     N    1         See housing status tbl (6), segm key
403   Date of status                    HOUSDT    N    6         YYMMDD

500   Body characteristic               BODYCHAR       18        Dependt segm of CHARACT, lev 3, segm 5, one occur
501   Weight                            WEIGHT    N    3         In Kg
502   Height                            HEIGHT    N    3         In Cm
503   Blood type                        BLOOD     N    1         See blood type tbl (7), segm key
504   Color of skin                     SKIN      N    1         See color of skin tbl (8)
505   Hair                              HAIR      N    1         See hair tbl (9)
506   Color of eyes                     EYES      N    1         See color of eyes tbl (10)
507   Size of shoes                     SHOES     N    2
508   Size of hat                       HAT       N    2         -
509   Size of pants                     PANTS     N    1         See pant shirt tbl (11)
510   Size of shirt                     SHIRT     N    1         See pant shirt tbl (11)
511   Size of chest                     CHEST     N    2         -

600   Category and status               CATEG          29        Dependt segm of CHARACT, lev 3, segm 6, one occur
601   Original personal status          ORPERST   N    2         See personal status tbl (1)
602   Date of original personal status  ORPERDT   N    6         YYMMDD
603   Current personal status           CRPERST   N    2         See personal status tbl (1), segm key
604   Date of current personal status   CRPERDT   N    6         YYMMDD
605   Personal category                 CATEGORY  N    1         See personal category tbl (2)
606   Date of personal category         DTGORY    N    6         YYMMDD
607   Active duty obligated time        DTACT     N    6         YYMMDD
      (Active service duty began)

700   Rank                              RANK           39        Dependt segm of root, lev 2, segm 3, repeated
701   Rank/Group                        RANKG     N    2         See rank tbl (18), segm key
702   Status of rank                    STRANK    N    1         See status of rank tbl (13)
703   Date of rank                      DTRANK    N    6         YYMMDD
704   Number of decision letter         NBDECLET  AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
705   Date of decision letter           DTDECLET  N    6         YYMMDD
706   Who gave the decision letter      GVDECLET  AN   15        Official functionary
707   Type of promotion                 TPPROM    N    1         See type of promotion tbl (14)

800   Profession                        PROFESS                  Dependt segm of root, lev 2, segm 4, repeated
801   Name of profession                NMPROF    AN   15
802   Number of decision                NBDECP    AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
803   Date of decision letter           DTPROF    N    6         NNNNNN-YYMMDD
804   Number of professional warrant    NBWARP    AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
805   Date of warrant                   DTWARP    N    6         NNNNNN-YYMMDD
806   Echelon of profession             ECHELON   N    2         See echelon tbl (21)
807   Station                           STATION   N    3         See station tbl (22)
808   Reporting date                    DTSTAT    N    6         YYMMDD
809   Status of placement               STPLACE   N    1         See status of placement tbl (15)
810   Date of placement                 DTPLACE   N    6         YYMMDD

900   Education                         EDUC           73        Dependt segm of root, lev 2, segm 9, repeated
901   Group code of education           EDUCCD    N    3         See group code of education tbl (20), segm key
902   Education Institute's Name        EDUCNM    AN   15
903   Start date                        EDUCSD    N    6         YYMMDD
904   Completion date                   EDUCCM    N    6         YYMMDD
905   Station                           EDSTAT    N    3         See station tbl (22)
906   Town (city)                       EDTOWN    AN   15
907   Result of education               RESULT    N    1         See result of education tbl (16)
908   Class standing                    CSTAND    N    3
909   Class size                        CSIZE     N    3         -

1000  Subject                           SUBJ           18        Dependt segm of EDUC, lev 3, segm 10, repeated
1001  Subject name                      SUBJECT   AN   15        Segm key
1002  Grade                             GRADE     AN   3         Can be numeric or alphabetic

1100  Family                            FAM            76        Dependt segm of root, lev 2, segm 6, repeated
1101  Family name                       FNAME     AN   26        Name, title
1102  Family relation                   FREL      N    1         See family relation tbl (17), segm key
1103  Sex                               FSEX      N    1         See sex tbl (3)
1104  Birth date                        FDBIRTH   N    6         YYMMDD
1104  Birth place                       FPBIRTH   AN   15        Town (city)
1105  Religion                          FPRELIGI  N    1         See religion tbl (12)
1107  Address                           FADDR     AN   26

1200  Activity                          FACT           48        Dependt segm of FAM, lev 3, repeated
1201  Name of activity                  FNACT     AN   26        Segm key
1202  Place of activity                 FPACT     AN   15        Town (city)
1203  Start date                        FSACT     N    6         YYMMDD
1204  Completion date                   FCACT     N    6         YYMMDD

1300  Family education                  FEDUC          16        Dependt segm of FAM, lev 3, segm 13, repeated
1301  Education Institute's Name        FEDNACT   AN   15
1302  Group code of education           FCDACT    N    3         See group code of education tbl (20), segm key
1303  Result of education               FEDRES    N    1         See result of education tbl (16)

1400  Payroll                           PAYROLL        59        Dependt segm of root, lev 2, segm 14, one occur
1401  Date of beginning payroll         DBPAY     N    6         YYMMDD
1402  Rank in payroll                   RKPAY     N    2         See rank tbl (18)
1403  Payroll period                    PERPAY    N    3         In Month
1404  Number of children                CHFAM     N    1
      authorized family allowance
1405  Status of children                STCHFAM   N    1         See children allowance status tbl (5)
      authorized family allowance
1406  Main salary                       MAINSAL   N    6         In Rupiah
1407  Wife's family allowance           WFALL     N    5         In Rupiah
1408  Children family allowance         CHALL     N    5         In Rupiah
1409  Other family allowance            OTALL     N    5         In Rupiah
1410  Obligated reduction               OBRED     N    5         In Rupiah
1411  Rice reduction                    RCRED     N    5         In Rupiah
1412  Other reduction                   OTRED     N    5         In Rupiah
1413  Total salary                      TOTSAL    N    6         In Rupiah
1414  Unit of payroll                   UNPAY     N    4         See station tbl (22), segm key

1500  Security                          SEC            35        Dependt segm of root, lev 2, segm 15, repeated
1501  Violation/Infringe                VTYPE     N    1         See violation/infringe type tbl (23), segm key
1502  What                              WHAT      N    3         See what tbl (24)
1503  Where                             WHERE     AN   15        Town (city)
1504  When                              WHEN      N    6         YYMMDD
1505  Why                               WHY       N    5         This reason description is stored in other file with key number here (N 5)
1506  How                               HOW       N    5         Same as 1505

1600  Who involved                      WHOINV         50        Dependt segm of SEC, lev 3, segm 16, repeated
1601  Name involved                     INVNAME   AN   26        Segm key
1602  Personal identification           PERSID    AN   9         Personal serial number or other valid identification
1603  Profession                        PROFINV   AN   15

1700  Measures                          MEAS           27        Dependt segm of SEC, lev 3, segm 15, repeated
1701  Type of action                    NMEAS     AN   15        Segm key
1702  Start date                        SMEAS     N    6         YYMMDD
1703  Completion date                   CMEAS     N    6         YYMMDD




APPENDIX C 

NEW DATABASE DICTIONARY 



This data dictionary contains descriptions of the Personnel 
Data Base segments (data elements groups) and their data 
elements. There are six columns in the table: 
(See Appendix B for abbreviations) 



ELM # DATA-ELEMENT                      DATA-NAME TYPE #OF CHAR  DESCRIPTION

100   Main identification               MAINID         76        Root segm DB lev 1, segm 1, one occur
101   Personal Serial Number            SERNUM    N    9         Record key (Main Key)
102   Name                              NAME      AN   26        Name, title
103   Corps                             CORPS     N    3         See corps tbl (19)
104   Sex                               SEX       N    1         See sex tbl (3)
105   Birth date                        DMBIRTH   N    6         YYMMDD
106   Birth place                       PMBIRTH   AN   15        Town (city)
107   Religion                          RELIGION  N    1         See religion tbl (12)
108   Tribe                             TRIBE     AN   15        -

200   Personal                          CHARACT                  Dependt segm of root, lev 1, segm 2, one occur

300   Marriage                          MARR           7         Dependt segm of CHARACT, lev 3, segm 3, repeated
301   Marital status                    MARST     N    1         See marital status tbl (4), segm key
302   Date of status                    MARDT     N    6         YYMMDD

400   Address                           ADDR           26        Dependt segm of CHARACT, lev 3, segm 4, repeated
401   Address                           ADDRESS   AN   26        -

500   Address status                    ADDRSTA        7         Dependt segm of ADDR, lev 4, segm 5, repeated
501   Housing status                    HOUSE     N    1         See housing status tbl (6), segm key
502   Date of status                    HOUSDT    N    6         YYMMDD

600   Body characteristic               BODYCHAR       10        Dependt segm of CHARACT, lev 3, segm 6, one occur
601   Weight                            WEIGHT    N    3         In Kg
602   Height                            HEIGHT    N    3         In Cm
603   Blood type                        BLOOD     N    1         See blood type tbl (7), segm key
604   Color of skin                     SKIN      N    1         See color of skin tbl (8)
605   Hair                              HAIR      N    1         See hair tbl (9)
606   Color of eyes                     EYES      N    1         See color of eyes tbl (10)

700   Personal size                     PERSIZ         8         Dependt segm of BODYCHAR, level 4, segm 7, one occur
701   Size of shoes                     SHOES     N    2         -
702   Size of hat                       HAT       N    2         -
703   Size of pants                     PANTS     N    1         See pant shirt tbl (11)
704   Size of shirt                     SHIRT     N    1         See pant shirt tbl (11)
705   Size of chest                     CHEST     N    2

800   Category and status               CATEG          29        Dependt segm of CHARACT, lev 3, segm 9, one occur
801   Original personal status          ORPERST   N    2         See personal status tbl (1)
802   Date of original personal status  ORPERDT   N    6         YYMMDD
803   Current personal status           CRPERST   N    2         See personal status tbl (1), segm key
804   Date of current personal status   CRPERDT   N    6         YYMMDD
805   Personal category                 CATEGORY  N    1         See personal category tbl (2)
806   Date of personal category         DTGORY    N    6         YYMMDD
807   Active duty obligated time        DTACT     N    6         YYMMDD
      (Active service duty began)

900   Rank                              RANK           39        Dependt segm of root, lev 2, segm 9, repeated
901   Rank/Group                        RANKG     N    2         See rank tbl (18), segm key
902   Status of rank                    STRANK    N    1         See status of rank tbl (13)
903   Date of rank                      DTRANK    N    6         YYMMDD
904   Number of decision letter         NBDECLET  AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
905   Date of decision letter           DTDECLET  N    6         YYMMDD
906   Who gave the decision letter      GVDECLET  AN   15        Official functionary
907   Type of promotion                 TPPROM    N    1         See type of promotion tbl (14)

1000  Profession                        PROFESS        71        Dependt segm of root, lev 2, segm 10, repeated
1001  Name of profession                NMPROF    AN   15        -
1002  Number of decision                NBDECP    AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
1003  Date of decision letter           DTPROF    N    6         NNNNNN-YYMMDD
1004  Number of professional warrant    NBWARP    AN   8         Format: NNNNMMYY; NNNN: Number, MM: Month, YY: Year
1005  Date of warrant                   DTWARP    N    6         NNNNNN-YYMMDD
1006  Echelon of profession             ECHELON   N    2         See echelon tbl (21)
1007  Station                           STATION   N    3         See station tbl (22)
1008  Reporting date                    DTSTAT    N    6         YYMMDD
1009  Status of placement               STPLACE   N    1         See status of placement tbl (15)
1010  Date of placement                 DTPLACE   N    6         YYMMDD

1100  Education                         EDUC           73        Dependt segm of root, lev 2, segm 11, repeated
1101  Group code of education           EDUCCD    N    3         See group code of education tbl (20), segm key
1102  Education Institute's Name        EDUCNM    AN   15        -
1103  Start date                        EDUCSD    N    6         YYMMDD
1104  Completion date                   EDUCCM    N    6         YYMMDD
1105  Station                           EDSTAT    N    3         See station tbl (22)
1106  Town (city)                       EDTOWN    AN   15        -
1107  Result of education               RESULT    N    1         See result of education tbl (16)
1108  Class standing                    CSTAND    N    3         -
1109  Class size                        CSIZE     N    3         -

1200  Subject                           SUBJ           18        Dependt segm of EDUC, lev 3, segm 12, repeated
1201  Subject name                      SUBJECT   AN   15        Segm key
1202  Grade                             GRADE     AN   3         Can be numeric or alphabetic

1300  Family                            FAM            76        Dependt segm of root, lev 2, segm 13, repeated
1301  Family name                       FNAME     AN   26        Name, title
1302  Family relation                   FREL      N    1         See family relation tbl (17), segm key
1303  Sex                               FSEX      N    1         See sex tbl (3)
1304  Birth date                        FDBIRTH   N    6         YYMMDD
1304  Birth place                       FPBIRTH   AN   15        Town (city)
1305  Religion                          FPRELIGI  N    1         See religion tbl (12)
1307  Address                           FADDR     AN   26        -

1400  Activity                          FACT           48        Dependt segm of FAM, lev 3, segm 14, repeated
1401  Name of activity                  FNACT     AN   26        Segm key
1402  Place of activity                 FPACT     AN   15        Town (city)
1403  Start date                        FSACT     N    6         YYMMDD
1404  Completion date                   FCACT     N    6         YYMMDD

1500  Family education                  FEDUC          16        Dependt segm of FAM, lev 3, segm 15, repeated
1501  Education Institute's Name        FEDNACT   AN   15
1502  Group code of education           FCEACT    N    3         See group code of education tbl (20), segm key
1503  Result of education               FEDRES    N    1         See result of education tbl (16)

1600  Payroll                           PAYROLL        59        Dependt segm of root, lev 2, segm 16, one occur
1601  Date of beginning payroll         DBPAY     N    6         YYMMDD
1602  Rank in payroll                   RKPAY     N    2         See rank tbl (18)
1603  Payroll period                    PERPAY    N    3         In Month
1604  Number of children                CHFAM     N    1
      authorized family allowance
1605  Status of children                STCHFAM   N    1         See children allowance status tbl (5)
      authorized family allowance
1606  Main salary                       MAINSAL   N    6         In Rupiah
1607  Wife's family allowance           WFALL     N    5         In Rupiah
1608  Children family allowance         CHALL     N    5         In Rupiah
1609  Other family allowance            OTALL     N    5         In Rupiah
1610  Obligated reduction               OBRED     N    5         In Rupiah
1611  Rice reduction                    RCRED     N    5         In Rupiah
1612  Other reduction                   OTRED     N    5         In Rupiah
1613  Total salary                      TOTSAL    N    6         In Rupiah
1614  Unit of payroll                   UNPAY     N    4         See station tbl (22), segm key

1700  Security                          SEC            35        Dependt segm of root, lev 2, segm 17, repeated
1701  Violation/Infringe                VTYPE     N    1         See violation/infringe type tbl (23), segm key
1702  What                              WHAT      N    3         See what tbl (24)
1703  Where                             WHERE     AN   15        Town (city)
1704  When                              WHEN      N    6         YYMMDD
1705  Why                               WHY       N    5         This reason description is stored in other file with key number here (N 5)
1706  How                               HOW       N    5         Same as 1505

1800  Who involved                      WHOINV         50        Dependt segm of SEC, lev 3, segm 18, repeated
1801  Name involved                     INVNAME   AN   26        Segm key
1802  Personal identification           PERSID    AN   9         Personal serial number or other valid identification
1803  Profession                        PROFINV   AN   15        -

1900  Measures                          MEAS           27        Dependt segm of SEC, lev 3, segm 19, repeated
1901  Type of action                    NMEAS     AN   15        Segm key
1902  Start date                        SMEAS     N    6         YYMMDD
1903  Completion date                   CMEAS     N    6         YYMMDD